how to apply LIKE %% to variable?

Question

How can i apply LIKE to my query.

$query_event ="SELECT * FROM event_list WHERE even_title='$EventTitle' AND even_loc='$EventLocation' ";

now suppose there is form which requires either put title or put location in the form or u can put both so what will be the query?

Please help

thanks

Answer 1

Well first, you want to prevent your SQL from injection but you can do this:

$query_event = "SELECT * FROM event_list 
   WHERE even_title LIKE '%".mysql_real_escape_string($EventTitle)."%' 
   AND even_loc LIKE '%".mysql_real_escape_string($EventLocation)."%'";

But you would actually be better of using something like PDO:

$qry = 'SELECT * FROM event_list 
   WHERE even_title LIKE :title 
   AND even_loc LIKE :location';

$data = array( 'title' => '%'.$EventTitle.'%', 
               'location' => '%'.$EventLocation.'%' );

$sth = $pdo->prepare($qry);

$sth->execute($data);

Answer 2

you want something like :

$query_event ="SELECT * FROM event_list WHERE even_title LIKE ('%".$EventTitle."%') AND even_loc LIKE ('%".$EventLocation."%')";

make sure to go through these tutorials there is a LIKE tutorial too

Answer 3

It is as simple as it seems. The {} are not even necessary but add readability for PHP without affecting the SQL validity.

$query_event ="SELECT * FROM event_list WHERE even_title LIKE '%{$EventTitle}%' AND even_loc LIKE '%{$EventLocation}%' ";

Answer 4

You can use following format and always escape inputs using mysql_real_escape_string

$query_event ="SELECT * FROM event_list 
              WHERE even_title LIKE '%".mysql_real_escape_string($EventTitle)."%' 
              AND  even_loc LIKE '%".mysql_real_escape_string($EventLocation)."%'";